package top.ibiji.shiro.controller;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.annotation.Logical;
import org.apache.shiro.authz.annotation.RequiresAuthentication;
import org.apache.shiro.authz.annotation.RequiresPermissions;
import org.apache.shiro.authz.annotation.RequiresRoles;
import org.apache.shiro.subject.Subject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.web.bind.annotation.*;
import top.ibiji.shiro.aop.WebLog;
import top.ibiji.shiro.constants.Constants;
import top.ibiji.shiro.exception.UnauthorizedException;
import top.ibiji.shiro.model.LoginBean;
import top.ibiji.shiro.model.ResponseBean;
import top.ibiji.shiro.service.SysUserService;
import top.ibiji.shiro.utils.CustomTokenUtils;

import java.util.HashMap;
import java.util.Map;
import java.util.UUID;

@RestController
public class LoginController {
    @Autowired
    SysUserService sysUserService;

    /**
     * /login	登入
     * /article	所有人都可以访问，但是用户与游客看到的内容不同
     * /require_auth	登入的用户才可以进行访问
     * /require_role	admin的角色用户才可以登入
     * /require_permission	拥有view和edit权限的用户才可以访问
     *
     * @param loginBean
     * @return
     */

    @PostMapping("/login")
    public ResponseBean login(@RequestBody LoginBean loginBean) {
        Map<String, Object> claims = new HashMap<>();

        String username = loginBean.getUsername();
        String password = loginBean.getPassword();
        if (username == null || password == null) {
            throw new UnauthorizedException();
        }
        UUID uuid = UUID.randomUUID();

        claims.put(Constants.LOGIN_USER_KEY_PREFIX, uuid);
        claims.put(Constants.TOKEN_USERNAME_Claims, username);
        String token = CustomTokenUtils.generateToken(claims);
        System.out.println("token--->" + token);


        return new ResponseBean(200, "Login success", token);
    }


    @WebLog(title = "article", action = "/article")
    @GetMapping("/article")
    public ResponseBean article() {
        Subject subject = SecurityUtils.getSubject();
        if (subject.isAuthenticated()) {
            return new ResponseBean(200, "您已经登录了", null);
        } else {
            return new ResponseBean(200, "访客身份", null);
        }
    }

    @GetMapping("/require_auth")
    @RequiresAuthentication
    public ResponseBean requireAuth() {
        return new ResponseBean(200, "您已通过身份验证", null);
    }

    @GetMapping("/require_role")
    @RequiresRoles("admin")
    public ResponseBean requireRole() {
        return new ResponseBean(200, "您正在访问require_role", null);
    }


    @GetMapping("/require_permission")
    @RequiresPermissions(logical = Logical.OR, value = {"view", "edit"})
    public ResponseBean requirePermission() {
        return new ResponseBean(200, "您正在访问 edit,view", null);
    }

    @RequestMapping(path = "/401")
    @ResponseStatus(HttpStatus.UNAUTHORIZED)
    public ResponseBean unauthorized() {
        return new ResponseBean(401, "未经授权", null);
    }

}
